Methods and devices for physical access control systems

ABSTRACT

An access control system includes a plurality of physical access control readers that form a reader network which utilizes a first communication protocol. The system includes a plurality of mobile communication devices each having a first communication interface and a second communication interface. The first communication interface enables the mobile communication devices to access a mobile communication network which utilizes a second communication protocol, and the second communication interlace enables the mobile communication devices to communicate with the access control readers. The plurality of physical access control readers exchange status information for the plurality of physical access control readers and for the plurality of mobile communication devices over the reader network.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application claims the benefit of U.S. Provisional PatentApplication No. 62/435,502, filed on Dec. 16, 2016, which application ishereby incorporated herein by reference in its entirety.

FIELD OF THE DISCLOSURE

The present disclosure is generally directed toward a physical accesscontrol system and methods and devices for operating the same.

BACKGROUND

Radio Frequency Identification (RFID) technology is used in a variety ofapplications including physical access control systems (e.g.,contactless physical access control systems). Such physical accesscontrol systems usually include RFID readers that wirelessly communicatewith RFID tags (or credentials) according to a communications protocolto allow or to deny access to a secured area such as a building, a room,etc. In some cases, the reader is connected to a control panel thatassists the reader in making access control decisions.

SUMMARY

Example embodiments include an access control system comprising aplurality of physical access control readers that form a reader networkwhich utilizes a first communication protocol. The system includes aplurality of mobile communication devices each having a firstcommunication interface and a second communication interface. The firstcommunication interface enables the mobile communication devices toaccess a mobile communication network which utilizes a secondcommunication protocol. The second communication interface enables themobile communication devices to communicate with the access controlreaders. The plurality of physical access control readers exchangestatus information for the plurality of physical access control readersand for the plurality of mobile communication devices over the readernetwork.

According to at least one example embodiment, the second communicationinterface utilizes a third communication protocol.

According to at least one example embodiment, the second communicationinterface is one of a Bluetooth Low Energy (BLE) interface, a WiFiinterface, a near field communication (NFC) interface, arid a Zigbeeinterface.

According to at least one example embodiment, each of the plurality ofphysical access control readers includes a memory to store the statusinformation.

According to at least one example embodiment, the status informationincludes first information regarding a physical location of each mobilecommunication device relative to locations the physical accesscontroller readers in the reader network.

According to at least one example embodiment, the status informationincludes second information to identify active and inactive physicalaccess control readers in the reader network and their currentcondition. The status information includes third information to identifywhich of the plurality of mobile communication devices are currentlyconnected to the reader network.

According to at least one example embodiment, the memory stores thefirst, second, and third information in respective logs.

According to at least one example embodiment, the memory stores guidanceinformation, and, in response to an emergency event, the reader networksends the guidance information to the plurality of mobile communicationdevices.

According to at least one example embodiment, a method for an accesscontrol system includes forming a first network that enablescommunication between a plurality of physical access control readers.The method includes forming a second network that enables communicationbetween the plurality of physical access control readers and a pluralityof mobile communication devices. The method includes exchanging, overthe first network, status information for the plurality of physicalaccess control readers and for the plurality of mobile communicationdevices.

According to at least one example embodiment, the forming the secondnetwork occurs in response to an emergency event.

According to at least one example embodiment, the method furtherincludes determining, by one or more of the plurality of physical accesscontrol readers, locations of the mobile communication devices relativethe one or more of the plurality of physical access control readersbased on the exchanged status information. The method includesproviding, over the second network, guidance information to one or moreof the plurality of mobile communication devices based on the determinedlocations.

According to at least one example embodiment, the guidance informationincludes at least one of audio and video relating to a premises in whichthe plurality of physical access control readers are located.

According to at least one example embodiment, the video includes a mapthat updates in real time to show a location of the one or more of theplurality of mobile communication devices within the premises.

According to at least one example embodiment, the method furthercomprises detecting a change in a number of the plurality of physicalaccess control readers that are in the first network. The methodincludes providing a notification of the change to one or more of theplurality of mobile communication devices. The notification includesinformation to identify where the detected change occurred within thefirst network.

According to at least one example embodiment, the status informationincludes at least one of: one or more first quantities sensed by one ormore of the plurality of physical access control readers, and one ormore second quantities sensed by one or more of the plurality of mobilecommunication devices.

According to at least one example embodiment, the one or more firstquantities and the one or more second quantities each include at leastone of temperature information, air quality information, accessinformation, and pressure information.

According to at least one example embodiment, the method furthercomprises storing the status information on at least one of theplurality of physical access control readers and on at least one of theplurality of mobile communication devices.

According to at least one example embodiment, a device includes a firstinterface to communicate with first devices according to a firstcommunication protocol over a first network. The device includes asecond interface to communicate with second devices according to asecond communication protocol over a second network. The secondcommunication protocol is different than the first communicationprotocol. The device includes a memory including executableinstructions, and a processor to execute the instructions to control theexchange of status information for the first devices and the seconddevices over the first network.

According to at least one example embodiment, the first devices arephysical access control readers, and the second devices are one or moremobile communication devices.

According to at least one example embodiment, the memory stores thestatus information. The status information includes at least one of: oneor more first quantities sensed by one or more of the plurality ofphysical access control readers; and one or more second quantitiessensed by one or more of the plurality of mobile communication devices.The one or more first quantities and the one or more second quantitieseach include at least one of temperature information, air qualityinformation, access information, and pressure information. The statusinformation includes first information regarding a physical location ofeach mobile communication device relative to locations the physicalaccess controller readers in the reader network; second information toidentify active and inactive physical access control readers in thereader network and their current condition; and third information toidentify which of the plurality of mobile communication devices arecurrently connected to the reader network.

In view of the above summary and the following description, it should beappreciated that example embodiments provide systems, devices, andmethods that allow for the creation of a mesh network comprised ofreaders and mobile devices and the exchange of status informationbetween devices in the mesh network. Example embodiments allow thesystem to track mobile devices, provide guidance information (e.g., inthe event of an emergency), create the mesh. network in response to anevent to save power and network resources, detect faulty or tamperedwith readers, and provide diagnostic reports on the system.

BRIEF DESCRIPTION OF THE DRAWINGS

The present disclosure is described in conjunction with the appendedfigures, which are not necessarily drawn to scale:

FIG. 1 illustrates an example access control system according to atleast one example embodiment;

FIG. 2 illustrates an example structure of the access control reader ofFIG. 1 according to at least one example embodiment;

FIG. 3 illustrates an example structure of the access control panel ofFIG. 1 according to at least one example embodiment;

FIG. 4 illustrates example instructions stored on the memories of theaccess control reader and the credential of FIG. 1 according to at leastone example embodiment;

FIG. 5 illustrates example operations of the system in FIGS. 1-4according to at least one example embodiment; and

FIG. 6 illustrates example operations of the system in FIGS. 1-4according to at least one example embodiment.

DETAILED DESCRIPTION

In particular, a physical access control system is described in whichreaders interact with portable devices (e.g., credentials, mobilecommunication devices, etc.) to facilitate protection of physical assets(e.g., to limit access to physical assets). The readers and portabledevices, in some embodiments, can be leveraged for purposes beyond basicphysical access control functionality. In particular, embodiments of thepresent disclosure contemplate leveraging readers, portable devices, andother devices to create a mesh network that is able to determine anddistribute status information for the portable devices and the readers(and possible other devices) to other the readers and/or other portabledevices in the mesh network. The mesh network is effectively overlaid ontop of the physical access control system, thereby obviating the needfor additional, purpose-built devices, to support the exchange of statusinformation between mobile devices and readers.

It should be appreciated that readers may be configured to communicatewith other readers via wireless communication protocols (e.g., viaBluetooth, BLE, ZigBee, etc.) and/or wired communication protocols(e.g., Wiegand, RS485, RS232, TCP/IP, Ethernet, PoE, SMS, etc.). Thereaders may also be configured to communicate with other locks and/orother devices to create a mesh network—again using wired and/or wirelesscommunication protocols.

With communications between phones and readers becoming less dependentupon very close proximity (e.g., NFC), it is increasing possible toestablish meaningful and longer-lasting networks between phones andreaders. For instance, with the utilization of Bluetooth Low Energy(BLE) readers, it is possible to establish reader networks as well asphone/reader networks in a physical access control system. This phoneand reader network can be used for many purposes including personnelnotifications, tracking, reader updates, phone updates, etc.

The proposed solution is to leverage a card communications module (e.g.,hardware and/or software) in deployed readers to establish aphone/reader network of devices. This particular network will utilizethe card communications module of the reader to facilitate theestablishment and maintenance of the reader/phone mesh network.Advantageously, the card communications module used for networkingpurposes is also the same card communications module used between thereader and phone for access control decisions. Thus, no additionalreader costs are required from a hardware perspective to implement thissolution. Communication protocols (e.g., BLE, WiFi, NFC, ZigBee, etc.)of any known type may be used to establish communications between thereader network and the mobile communication devices (e.g., the mobilephones).

BLE includes a couple of different operational modes (peer-to-peer andcentral-peripheral). When exchanging keys for purposes of making accesscontrol decisions, the phone and reader may operate in thecentral-peripheral mode (where the phone is the central device and thereader is the peripheral device), whereas the network may be establishedand maintained using the peer-to-peer mode. Thus, example embodimentsmay provide a mechanism to switch the phone from the central mode to thepeer mode periodically, either in response to some impetus/input fromthe user, in response to some impetus/input from a peripheral device(e.g., a reader), etc. According to example embodiments, readers andphones may be configured to exchange status information, messages, andthe like with one another.

Assuming that a network of readers and phones is available (e.g., withBLE connectivity between the various devices), it now becomes possibleto share information relevant to the physical access control systembetween the readers and phones. Communication links for the network canbe phone-to-reader, reader-to-reader, phone-to-phone, and combinationsthereof.

With the establishment of the reader/phone mesh network, it will bepossible to track people (e.g., via knowing a location of their phone)and potentially guide them through the physical premises. This maybecome particularly useful in emergency situations where securitypersonnel need to determine if people have left the premises and whetheror not search/rescue resources need to be sent into the premises.Example embodiments are able to search for locations of phones withinthe reader/phone network. In addition to determining location, thenetwork can also be used to determine if the phone is moving (e.g.,establishing communications with different readers). In an emergencysituation a couple of different solutions could be deployed. As oneexample, the person's phone that is identified as moving may haveguidance information pushed to his/her phone. The access controlapplication on the phone may receive the guidance information anddisplay the information to the user. For example, the user may beprovided with a map of the premises on their phone display along with aproposed exit route. The user's position can be continuously updated onthe display, helping them find their way out of the premises via theproposed route. As another example, if specific personnel is adesignated fire marshal, then that user's phone may be designated as afire marshal phone and specific status information can be pushed to thatphone through the reader/phone network during an emergency. Exitinstructions as well as other information (e.g., updates regarding theemergency and status of the reader/phone network) may be presented tothe fire marshal via their phone. Still another example is to utilizesound/light resources of the readers to guide people out of thepremises. For example, the route for a person may be presented viabeeping or flashing of lights to guide the user down a corridor from onereader to the next. A genuine/unique sound or the like could be used forguidance.

For battery-saving purposes (for phone and reader) it may be desirableto limit the amount of time that a reader/phone network is in place. Forexample, the phone/reader network may only begin establishing itself inresponse to a fire alarm sounding. Once the emergency triggers theestablishment of the network, then the full features include phonetracking, route navigation, etc., can be provided via the network.

In addition to using the phone/reader network to provide statusinformation to phones for purposes of people tracking and routing, itmay also be possible to utilize the phone/reader network to identify theextent of damage in a premises. For example, if a phone/reader networkhas certain readers (e.g., nodes) that do not connect to the network,then it could be assumed that those readers have been damaged by theevent that is causing the emergency. Furthermore, readers can beequipped with sensors (e.g., thermometers, pressure transducers, etc.)and readings from those sensors can be provided back to a central systemthat is mapping the event. Even reports of doors being opened can beprovided from one reader to other nodes in the network (other readersand/or phones) to help understand, up to the minute, what is happeningin the access control system.

In addition to reporting and responding to emergency conditions onpremises, the proposed invention can also facilitate tamper reporting.The mesh network can be used as a tamper mechanism to see if the readerhas been modified by virtue of seeing a node change or go away. In otherwords, a tamper alarm may be activated if a reader loses connectivitywith the reader/phone network. The alarm may be reported to the nearestphone, a nearest reader, or both. The alarm may be silent or audible.

Various aspects of the example embodiments will be described herein withreference to drawings that are schematic illustrations of idealizedconfigurations. It should be appreciated that while particular circuitconfigurations and circuit elements are described herein, exampleembodiments are not limited to the illustrative circuit configurationsand/or circuit elements depicted and described herein. Specifically, itshould be appreciated that circuit elements of a particular type orfunction may be replaced with one or multiple other circuit elements toachieve a similar function without departing from the scope of exampleembodiments.

It should also be appreciated that example embodiments described hereinmay be implemented in any number of form factors. Specifically, theentirety of the blocks or circuits disclosed herein may be implementedin silicon as a fully-integrated solution (e.g., as a single IntegratedCircuit (IC) chip or multiple IC chips) or they may be implemented asdiscrete components connected to a Printed Circuit Board (PCB).

FIG. 1 illustrates an access control system 100 according to at leastone example embodiment. The access control system 100 may be forproviding access to a building (or premises) 130 through a security door140 for a user 102 (or installer of the access control system 100). Thesystem 100 includes a reader network 110, an access control reader (orreader) 105, a credential (or mobile device or mobile communicationdevice) 112, an access control panel (or control panel) 115, an operator124, and a communication network 150. It should be appreciated that theoperator 124 and access control panel 115 may be provided as a commoncomponent, although such a configuration is not required. In someembodiments, the operator 124 and/or access control panel 115 are ownedand/or operated by a hospitality management entity or workplace. Inparticular, the operator 124 may generate keys for use in a multi-roomfacility 130 (e.g., hotel, cruise ship, dorm, motel, work office, etc.)and the access control panel 115 may be used to distribute the keysgenerated by the operator 124 to various mobile devices 112 (e.g.,smartphones, tablets, wearable devices, etc.). The control panel 115 mayassist the access control reader 105 in making access control decisionswith respect to mobile devices 112 presented to the credential interface(or mobile device interface) 220 of the access control reader 105. Theaccess control panel 115 is described in more detail below withreference to FIG. 3 . It should be understood that system 100 mayinclude any number of mobile devices 112 and readers 105 having a sameor similar structure to those shown in FIG. 1 .

The reader network 110 may be a Physical Access Control System (PACS)network to facilitate communication between the network interface 215and the access control panel 115. For example, the reader network 110may adhere to RS485 wiring standards to communicate using OSDP and/oradhere to Wiegand wiring standards to communicate using Wiegandprotocol. It should be understood that example embodiments are notlimited to the reader network 110 operating according to the two wiringstandards and protocols (and the reader 105 that auto-configures itselfaccordingly) described above.

The mobile device 112 may correspond to one or multiple devices that arecarried by a user and/or guest of the multi-room facility being managedby the operator 124. The mobile device 112 may correspond to a movabledevice (e.g., a smartphone, wearable, etc.) capable of being operated bya user or multiple users. When fully functional, the mobile device 112may be capable of communicating with the access control panel 115 viaone or more of the communication network 150 and the reader network 110using any of the protocols supported by the communication network 150and/or the reader network 110. In some embodiments, a firstcommunication interface 144 of the mobile device 112 may be used toconnect the mobile device 112 directly to the reader network 110,thereby enabling an exchange of keys, status information, etc. betweenthe access control panel 115 and mobile device 112. As shown, the reader105 may communicate with other readers 105 through the reader network110. Moreover, it should be understood that the system 100 may include aplurality of mobile devices 112 communicating with one or more readers105 over the link 116 and/or each other over communication network 150.

However, there may be instances where the first communication interface144 is disabled or otherwise prohibited from connecting to thecommunication network 110. For instance, when the mobile device 112 isadministered by its user to avoid roaming (e.g., if the mobile device112 is a mobile phone having cellular service disabled due tointernational travel), the first communication interface 144 may belimited or completely disabled to avoid roaming and any charges incurredin connection therewith. In such a scenario, the mobile communicationdevice 112 may rely upon a second communication interface 148 tofacilitate communications with nearby devices via a proximity-basedcommunication channel 116. Illustrative mobile devices 112 include,without limitation, smartphones, contactless cards, magstripe cards,Wi-Fi-enabled devices, key fobs, Personal Digital Assistants (PDAs),wearable devices (e.g., smart watches, smart clothes), etc.

In some embodiments, the communication channel 116 may correspond to aBluetooth low energy (BLE) communication channel. In some embodiments,the communication channel 116 may correspond to a near fieldcommunication (NFC) channel. In some embodiments, the communicationchannel 116 may correspond to an Infrared communication channel. In someembodiments, the communication channel 116 may correspond to anUltrasonic communication channel. Any other type of communicationprotocol that is dependent upon proximity and/or line-of-sight may beutilized between the mobile device 112 and reader 105. Other protocolsmay also be used to exchange information between the mobile device 112and the reader 105. For instance, the reader 105 may include a barcodeor Quick Response (QR) code dynamically displayed on a screen thereof,or affixed by a sticker or the like to a surface of the reader 105. Themobile device 112 may obtain information from the reader 105 by takingone or more images of the reader's 105 screen or sticker and decodingthe barcode and/or QR code. Another type of communication channel 116that may be used without departing from the scope of the presentdisclosure is a peer-to-peer Wi-Fi connection. When possible (e.g., whenBLE or NFC is used as the channel 116), no manual pairing process isneeded, thereby making it possible to simply tap the reader 105 with themobile device 112 to establish the communication channel 116 it shouldbe appreciated, however, that access to the communication channel 116(and more specifically the device interface 220 of the reader 105) maybe restricted to mobile devices 112 having a valid mobile accessapplication 152 stored thereon. A mobile device 112 without the mobileaccess application 152 may not be allowed to establish a communicationchannel 116 with the device interface 220. Thus, the mobile accessapplication 152 may be used to perform an automated mutualauthentication with the reader 105 before establishing the communicationchannel 116 or as part of establishing the communication channel 116.

The mobile device 112 may include computer memory 156 (e.g., volatileand/or non-volatile) that stores one or more Operating Systems (O/S) andthe mobile access application 152, among other items. The mobile device112 may also include a processor 164 (e.g., a microprocessor orcollection of microprocessors), one or more drivers, a user interface,and a power module. The mobile device 112 may further include a firstcommunication interface 144 (e.g., a communication network interface)and a second communication interface 148 (e.g., a credential interface).The memory 156 stores status information for the mobile devices 112 andthe readers 105 in a mesh network and may include a secure element forstoring the one or more access control keys.

The memory 156 of the mobile device 112 may correspond to any type ofnon-transitory computer-readable medium. In some embodiments, the memory156 may include volatile or non-volatile memory and a controller for thesame. Non limiting examples of memory that may be utilized in the mobiledevice 112 include RAM, ROM, buffer memory, flash memory, solid-statememory, or variants thereof.

The processor 164 of the mobile device 112 may correspond to one or manymicroprocessors that are contained within the housing of the mobiledevice 112 with the memory. In some embodiments, the processor 164incorporates the functions of the mobile device's 112 Central ProcessingUnit (CPU) on a single Integrated Circuit (IC) or a few IC chips. Aswith other processors disclosed herein, the processor 164 may be amultipurpose, programmable device that accepts digital data as input,processes the digital data according to instructions stored in itsinternal memory, and provides results as output. The processor 164 mayimplement sequential digital logic as it has internal memory. As withmost known microprocessors, the processor 164 may operate on numbers andsymbols represented in the binary numeral system.

The communication network 150 may facilitate communication between thefirst communication interface 144 and the reader network 110. Thecommunication network 150 may enable communication between thecommunication interface 144 of the mobile device 112 and one or moreother communication interfaces 144 of other mobile devices 112. Thecommunication network 150 may include any type of communication mediumor collection of communication equipment that enables remotecommunication devices to exchange information and/or media with oneanother using any type of known or yet-to-be developed transportprotocol. The communication network 150 may facilitate wired and/orwireless communication technologies. The Internet is an example of acommunication network 150 that constitutes an Internet Protocol (IP)network consisting of many computers, computing networks, and othercommunication devices located all over the world, which are connectedthrough many telephone systems and other means. Other examples of thecommunication network 150 include, without limitation, a standard PlainOld Telephone System (POTS), an Integrated Services Digital Network(ISDN), the Public Switched Telephone Network (PSTN), a Local AreaNetwork (LAN), a Wide Area Network (WAN), a Session Initiation Protocol(SIP) network, a Voice over IP (VoIP) network, a cellular network (e.g.,3G, 4G, LTE, etc.), and any other type of packet-switched orcircuit-switched network known in the art. In addition, it can beappreciated that the communication network 150 need not be limited toany one network type, and instead may include a number of differentnetworks and/or network types. Moreover, the communication network 150may include a number of different communication media such as coaxialcable, copper cable/wire, fiber-optic cable, antennas fortransmitting/receiving wireless messages, and combinations thereof.

The driver(s) of the mobile device 112 may correspond to hardware,software, and/or controllers that provide, specific instructions tohardware components of the mobile device 112, thereby facilitating theiroperation. For instance, interfaces 144, 148, may each have a dedicateddriver that provides appropriate control signals to facilitate theiroperation. The driver(s) may also include the software or logic circuitsthat ensure the various hardware components are controlled appropriatelyand in accordance with desired protocols. For instance, the driver ofthe second communication interface 148 may be adapted to ensure that thesecond communication interface 148 follows the appropriateproximity-based protocols (e.g., BLE, NFC, infrared, Ultrasonic,peer-to-peer Wi-Fi, etc.) such that the second communication interface148 can exchange communications with the reader 105. Likewise, thedriver of the first communication interface 144 may be adapted to ensurethat the first communication interface 144 follows the appropriatenetwork communication protocols (e.g., TCP/IP (at one or more layers inthe OSI model), UDP, RTP, GSM, LTE, Wi-Fi, etc.) such that the interface144 can exchange communications via the communication network 150. Ascan be appreciated, the driver(s) may also be configured to controlwired hardware components (e.g., a USB driver, an Ethernet driver,etc.).

The second communication interface 148 may correspond to the hardwarethat facilitates communications via the communication channel 116. Thesecond communication interface 148 may include a Bluetooth interface(e.g., antenna and associated circuitry for Bluetooth Low Energy), aWi-Fi/802.11N interface (e.g., an antenna and associated circuitry), anNFC interface (e.g., an antenna and associated circuitry), an Infraredinterface (e.g., LED, photodiode, and associated circuitry), and/or anUltrasonic interface (e.g., speaker, microphone, and associatedcircuitry). In some embodiments, second communication interface 148 isspecifically provided to facilitate proximity-based communications witha reader 105 via communication channel 116 or multiple communicationchannels 116.

The first communication interface 144 may include hardware thatfacilitates communications with other communication devices over thecommunication network 150. As mentioned above, the first communicationinterface 144 may include an Ethernet port, a Wi-Fi card, a NetworkInterface Card (NIC), a cellular interface (e.g., antenna, filters, andassociated circuitry), or the like. The first communication interface144 may be configured to facilitate a connection between the mobiledevice 112 and the communication network 150 and may further beconfigured to encode and decode communications (e.g., packets)accordini2, to a protocol utilized by the communication network 150.

The optional secure element/data storage of the memory 156 maycorrespond to one or multiple secure memory devices that are capable ofstoring data in an encrypted and secure manner. Communications betweenthe secure element of the memory 156 and the interfaces 144, 148 mayalso be secured, thereby ensuring that data received at the mobiledevice 112 is securely stored in the secure element of the memory 156without exposure. The secure element of the memory 156 may be integratedinto the mobile device 112 or it may be removable in nature. Suitableexamples of secure elements include, without limitation, a UniversalIntegrated Circuit Card (UICC), an embedded SE, and microSD.

The power module of the mobile device 112 may include a built-in powersupply (e.g., battery) and/or a power converter that facilitates theconversion of externally-supplied AC power into DC power that is used topower the various components of the mobile device 112. In someembodiments, the power module may also include some implementation ofsurge protection circuitry to protect the components of the mobiledevice 112 from power surges.

The reader 105 may correspond to a purpose-built reader/writer orsimilar type of device. In some embodiments, the reader 105 includes adevice interface or credential interface 220 and a network interface215. As shown in FIG. 1 , the reader 105 may communicate with the accesscontrol panel 115, other readers 105, and even mobile devices 112through reader network 110 using a type of protocol employed by thereader network 110. For example, the network interface 215 conductscommunication using RS485 wiring standards and/or using Wiegand wiringstandards.

The reader 105 may further include a processor 205, memory 210, one ormore sensors 230 and a power source 120. The processor 205 may besimilar or identical to the processor 164 described in connection withthe mobile device 112. For instance, the processor 205 may correspond toa microprocessor or the like. Similarly, the memory 210 may correspondto any type of computer memory such as the memory 156 described withrespect to the mobile device 112. The memory 210 may includecomputer-executable instructions that, when executed by the processor205, enable certain functions of the reader 105 to be performed.

The reader may include one or more sensors 230. The one or more sensors230 may include any necessary hardware and/or software for functionsassociated with sensing temperature (e.g., internal and external),pressure, humidity, air quality, access (e.g., a number of times thereader 105 has been accessed by a mobile device 112, whetherauthentication of a mobile device 112 is successful, a current state(open or closed) of a door associated with the reader 105, anumber/frequency of mobile device read attempts at a particular reader105, whether denial of access has occurred, tamper conditions, etc.),and the like. The memory 210 may store sensed quantities from thesensors 230. The type and amount of sensors and sensed quantities may bea design parameter set based on empirical evidence and/or user defined.

The system 100 may include one or more servers 160 in communication withthe reader network 110. The servers 160 may store and/or provideauthentication information to readers 105 and mobile devices 112 throughcommunication network 150 and/or reader network 110. The servers 160 maystore and/or provide status information for the mobile devices 112 andthe readers 105 exchanged over the reader network 110 and/or thecommunication network 150. Examples of status information are providedbelow.

Example operations of the reader 105 are described in more detail belowwith reference to FIGS. 2-6 .

A reader 105 according to at least one example embodiment is depicted inFIG. 2 . It should be understood that the reader 105 of FIG. 2illustrates additional details of the reader(s) 105 in FIG. 1 . Thus,like the reader(s) 105 in FIG. 1 , the reader shown in FIG. 2 includes apower source 120, one or more sensors 230, and a memory 210 storinginstructions for execution by the processor 205. Such instructions, whenexecuted by the processor 205, enable the processor 205 to carry outneeded functions, including, for example, collection, storage, andexchange of status information for the readers 105 and the mobiledevices 112.

The access control reader 105 may communicate (e.g., wirelesslycommunicate) with mobile device 112 according to a communicationsprotocol to allow or to deny access to a secured area such as abuilding, a room, etc. The wireless (or contactless) communication maybe achieved by antennas built into the reader 105 and the mobile device112. The reader 105 and the mobile device 112 may exchange data signalsand/or power signals through respective antennas. The reader 105 maycommunicate with the access control panel 115 through reader network 110using one or more communication protocols.

The protocol used by the reader network 110 may be of a particular type.For example, the protocol may be a first type, which allows for thereader 105 to conduct bidirectional (or two way) communications with thecontrol panel 115 and other readers 105 over the reader network 110.

The access control panel 115 assists the reader 105 in making accesscontrol decisions with respect to a mobile device 112. In order for thecontrol panel 115 to do so, the control panel 115 should be informed ofwhich communications protocol is being employed by the reader 105.Accordingly, it is desired for the reader 105 to easily inform thecontrol panel 115 of the communications protocol being employed by thereader 105.

The reader 105 of FIG. 2 also includes one or more device interfaces 232a-e (collectively the credential interface 220 in FIG. 1 ) forcommunicating with mobile devices 112 of different types, for example.To increase the number of mobile devices 112 with which the reader 105can communicate, the reader 105 may include, for example, a BLE deviceinterface 232 a, an NFC device interface 232 b, an ultrasonic deviceinterface 232 c, an infrared device interface 232 d, and a peer-to-peerWi-Fi device interface 232 e. Thus, as long as a mobile device 112 has acommunication interface 248 a-e compatible with at least one of thecommunication interfaces 232 a-e of the reader 105, the mobile device112 will be able to communicate with the reader 105. The reader 105 alsoincludes a network interface 215 for communicating with access controlpanel 115 and other readers 105 via the reader network 110.

As depicted in FIG. 2 , a mobile device 112 including a BLEcommunication interface 248 a may establish a BLE communication channel216 a with the BLE device interface 232 a of the reader 105. The mobiledevice 112 can then transmit a key update request to the reader 105 viathe communication channel 216 a and receive a key update from the reader105 via the same communication channel 216 a. Likewise, a mobile device112 including an NTC communication interface 248 b may establish an NFCcommunication channel 216 b with the NFC device interface 232 b of thereader 105. A mobile device 112 including an ultrasonic communicationinterface 248 c may establish an ultrasonic communication channel 216 cwith the ultrasonic device interface 232 c of the reader 105. A mobiledevice 112 including an infrared communication interface 248 d mayestablish an infrared communication channel 216 d with the infrareddevice interface 232 d of the reader 105. A mobile device 112 includinga peer-to-peer WiFi communication interface 248 e may establish apeer-to-peer WiFi communication channel 216 e with the peer-to-peer WiFidevice interface 232 e of the reader 105. In embodiments, the reader 105is capable of communicating with a plurality of mobile devices 112simultaneously (e.g. over multiple device interfaces 232), while inother embodiments the reader 105 is capable of communicating over onlyone device interface 232 at a given time. In embodiments, the reader 105is configured to initiate communications with a mobile device 112 afterit is tapped by the mobile device 112, while in other embodiments thereader 105 is configured to initiate communications with any mobiledevice 112 in response to a signal from the mobile device 112. In stillother embodiments, the reader 105 is configured to scan for mobiledevices 112 and to initiate communications (or at least attempt toinitiate communications) with any mobile device 112 within communicationrange.

FIG. 3 illustrates an example structure of the access control panel 115of FIG. 1 .

According to at least one embodiment, the access control panel 115includes a network interface 235. The network interface 235 may providea go-between for the access control panel 115 and the reader network110.

The access control panel 115 may further include a processor 240, memory245, and a power source 250. The power source 250 may provide power forthe access control panel 115. The processor 240 may be similar ofidentical to the processor described in connection with the mobiledevice 112 and/or the reader 105. For instance, the processor 240 maycorrespond to a microprocessor or the like. Similarly, the memory 245may correspond to any type of computer memory. The memory 245 mayinclude computer-executable instructions that, when executed by theprocessor 240, enable certain functions of the reader access controlpanel 115 to be performed. The memory 245 may include a listing ofaccess control rules (e.g., which mobile devices 112 are allowed accessto which readers 105 and when). The memory 245 may also be a repositoryfor a network registry. For instance, the memory 245 may include alisting of mobile devices 112 that are trusted and should be allowed toexchange communications with the reader network 110 (e.g., to receivestatus updates, etc.). The memory 245 may also include a list of whenthose trusted mobile devices 112 last communicated with a reader 105 andwhat actions/data exchanges were taken. Either the readers 105 or thecontrol panels 115 will have this information to enable the stitching ofthe reader network 110 with the mobile device network 150 therebycreating the hybrid or mesh network. The above mentioned lists andinformation stored on memory 245 may additionally or alternatively bestored in memories 156 and/or 210.

FIG. 4 illustrates example instructions stored in the memories 156and/or 210 of FIGS. 1-3 . The memories 156/210 may include instructionsfor forming a network 400 that cause the processors 164/205 to form anetwork. For example, the forming network instructions 400 of the memory156 include instructions to cause the processor 164 of one mobile device112 to form a first network with another mobile device 112 (e.g., usingthe first communication interface 144 and over the communication network150) and/or to form a second network with one or more readers 105 (e.g.,directly through the reader network 110 using the first communicationinterface 144 and/or by using the second communication interface 148 andthe link 116). As another example, the instructions 400 on the memory210 include instructions to cause the processor 205 of one reader 105 toform a first network with one or more other readers 105 (e.g., using thenetwork interface 215 and the reader network 110) and/or to form asecond network with one or more of the mobile devices 112 (e.g., usingthe credential interface 220 and the link 116).

The memories 156/210 may include exchanging status informationinstructions 405 and exchanging guidance information instructions 410for causing the processors 164/205 to collect and exchange statusinformation and/or guidance information between the readers 105 and/orthe mobile devices 112. For example, the memory 156 includesinstructions 405 to cause the processor 164 to generate and send statusinformation of the mobile device 112 over the mesh network to one ormore readers 105 and/or one or more other mobile devices 112. The memory156 may include guidance information instructions 410 that cause theprocessor 164 to request guidance information from the mesh network(e.g., readers of the mesh network). As another example, the memory 210includes instructions 405 to cause the processor 205 to request statusinformation of one or more mobile devices 112 and/or one or more otherreaders 105, store the status information, and exchange statusinformation with other readers 105 or with mobile devices 112. Thememory 210 may include instructions 410 to cause the processor 205 tosend the guidance information, for example, in response to a trigger.Examples of status information and guidance information are providedbelow.

The memories 156/210 may include location instructions 415 toprovide/determine locations of the mobile devices 112. For example, thelocation instructions 415 of the memory 156 may include instructions forsending location information of a mobile device 112 to one or more ofthe readers 105 over the link 116 and/or to one or more other mobiledevices 112 over the communication network 150. As another example, thelocation instructions 415 of the memory 210 may include instructions forcollecting the location information from the mobile device(s) 112 (orfor determining locations of the mobile devices 112 from the statusinformation) and then providing an indication of the location of themobile device(s) 112 (e.g., relative to readers 105 in the readernetwork 110) to another reader 105 or one of the mobile devices 112.

The memories 156/210 may include instructions to detect a change in thenetwork 420. For example, the memory 210 may include detecting a changein the network instructions 420 that cause the processor 205 to poll thereader network 110 (e.g., automatically at desired intervals or inresponse to an event such as user input) to determine a status/conditionof one or more of the readers 105 in the reader network 110. Forexample, the instructions 420 on the memory 210 may cause the processor205 to retrieve identification information and condition information ofeach reader 105 in the reader network 110 in order to determine whetherone of the readers 105 is damaged or offline. Here, the memory 210 ofeach reader 105 may include a log of reader IDs and/or conditioninformation that is continually updated as readers 105 are added to thereader network 110. When the IDs are retrieved by a particular reader105, that particular reader 105 can compare the log of IDs to the IDs inthe memory 210 to determine if all IDs have been received. If theparticular reader's 105 log indicates that an ID has not been retrieved,then it may be determined that the reader whose ID is missing may bedamaged or offline. As another example, the memory 156 may includedetecting a change in network instructions 420 that cause the processor164 to add a particular mobile device 112 to the mesh network of readers105 and mobile devices 112, and/or to request and receive a notificationregarding a potentially damaged or offline reader 105.

The memories 156/210 may store the status and/or guidance information425, which may include any of the below examples given for status andguidance information as well as any other information that is relevantto maintaining and operating the mesh network of readers 105 and mobiledevices 112. The effects of instructions 400, 405. 410, 415, and 420when carried out by the processors 164/205 are discussed in additionaldetail below with reference to FIGS. 5 and 6 .

In general, status information far the readers 105 and the mobiledevices 112 is collected and exchanged using known message protocols(SMS, NFC, BLE protocols, etc). For example, status information of thereaders 105 and/or the mobile devices 112. may be collected by thereaders 105 and/or the mobile devices 112 in response to a request fromthe mesh network. The request may be a broadcast request, a multicastrequest, and/or a unicast request from a requesting reader 105 and/ormobile device 112. That is, all devices that receive the request returnthe requested status information to the requesting device. Therequesting device may then share the status information with otherdevices. For example, if the requesting device is a reader 105, thereader 105 may collect the status information and share the statusinformation with other readers 105 over the reader network 110.Additionally or alternatively, each reader 105 and mobile device 112 maysend their respective status information at desired intervals (e.g.,intervals of milliseconds, seconds, minutes, etc.).

According to at least one example embodiment, the status informationincludes first information regarding a physical location of each mobilecommunication device 112. For example, the physical location may berelative to locations of the physical access control readers 105 in thereader network 110. The first information may be collected by thereaders 105 as the mobile communication devices 112 send occasionalreports to the readers 105 over the link 116. The reports may be sent bythe mobile communication devices 112 to the readers 105 in response to abroadcast request signal from the readers 105 or automatically by themobile communication devices 111 (e.g., at desired intervals).

In at least one example embodiment, the status information includessecond information to identify active and inactive physical accesscontrol readers 105 in the reader network 110 and their currentcondition (e.g., operating status, usage information, conditions of thereader's environment). The second information may be used to detectdamaged or inoperable readers 105 within the network. The secondinformation may be collected in response to a request (e.g., broadcastrequest) from one or more of the mobile communication devices 112 and/orone or more of the readers 105 (e.g., a master reader or a designatedfire marshal mobile device). In order to identify the readers 105 withinthe network 110, the second information may include unique ID of eachreader 105. The unique ID may be a serial number of the reader 105 orsome other unique identification information of the reader 105.

The status information may include third information to identify whichof the plurality of mobile communication devices are currently connectedto the reader network. The third information may be collected in amanner similar to or the same as the first information. The thirdinformation may include a unique ID of each mobile communication device112 (e.g., a phone number, serial number, etc.).

In at least one example embodiment, the memory 210 stores the first,second, and third information in respective logs (e.g., tables), whichprovides convenient organization of the information for review by anoperator and/or for exchange between readers 105 and/or mobile devices112. The tables may be continually updated as the status information iscollected and stored (e.g., upon request or at regularly scheduledintervals).

The status information may include one or more first quantities sensedby one or more of the plurality of physical access control readers 105through sensors 230. The status information may include one or moresecond quantities sensed by one or more of the plurality of mobilecommunication devices 112 through sensors on each mobile device 112.According to at least one example embodiment, the one or more firstquantities and the one or more second quantities each include at leastone of temperature information (e.g., ambient temperature, reader ormobile device temperature, etc.), air quality information near therespective device (e.g., humidity, particulate counts, etc.), accessinformation (e.g., a number of times a reader has been accessed, a stateof an associated door (open or closed), a number of times a mobiledevice has accessed a particular reader(s)), pressure information (e.g.,air pressure), a listing of other mobile devices 112 in communicationrange of the reader 112.

According to at least one example embodiment, the memory 210 storesguidance information. According to at least one example embodiment, thereaders 105, via the reader network 110, send the guidance informationto one or more of the plurality of mobile communication devices 112. Forexample, the readers 105 may send the guidance information in responseto an emergency event such as a fire, a tornado a suspected activeshooter, or the like. Users of the mobile devices 112 can then use theguidance information to assist with exiting the premises 130 or findinga safe zone within the premises 130. According to at least one exampleembodiment, the guidance information includes at least one of audio andvideo relating to the premises 130 in which the plurality of physicalaccess control readers 105 are located. The video may include a map ofthe premises 130 that updates in real time to show a location of the oneor more of the plurality of mobile communication devices 112 within thepremises 130. The audio may include one or more sounds that accompanythe video or that stand alone to provide audible directions to the user.Alternatively or additionally to storing the guidance information in thememory 210, the guidance information may be stored on and retrieved fromthe servers 160. Such audio and video information may be sent to themobile devices 112 according to known protocols and methods for sendingmedia.

It should be understood that the above described status information andguidance information may additionally or alternatively be sent to/storedon the servers 160. Here, collection and exchange of the statusinformation is performed in a manner similar to or the same as thatdescribed above. That is, collection and exchange can occur in responseto a request from the servers 160 or occur at regularly scheduledintervals. Regardless of where the guidance and status information arestored, it should be understood that collection and exchange of statusinformation and guidance information may occur through one or more ofthe link 116, the communication network 150 and the reader network 110.

In view of at least FIGS. 1-4 it may be said that an access controlsystem 100 includes a plurality of physical access control readers 105that form a reader network 110 which utilizes a first communicationprotocol (e.g., RS485, Wiegand, Zigbee, SMS, etc.). The access controlsystem 100 includes a plurality of mobile communication devices 112 eachhaving a first communication interface 144 and a second communicationinterface 148. The first communication 144 interface enables the mobilecommunication devices 112 to access a mobile communication network 150which utilizes a second communication protocol (e.g., WiFi or a knowncellular protocol such as LTE). The second communication interface 148enables the mobile communication devices 112 to communicate with theaccess control readers 105. The plurality of physical access controlreaders 105 exchange status information for the plurality of physicalaccess control readers 105 and for the plurality of mobile communicationdevices 112 (e.g., over the reader network 110). The secondcommunication interface 148 utilizes a third communication protocol. Forexample, third protocol should match a type the second communicationinterface, which can be one of a Bluetooth Low Energy (BLE) interface232 a, a WiFi interface 232 e, a near field communication (NFC)interface 232 b, an ultrasonic device interface 232 c, and a Zigbeeinterface.

FIG. 5 is a flow diagram illustrating example operations of thesystem(s) in FIGS. 1-4 . While a general order for the steps of themethod 500 is shown in FIG. 5 , the method 500 can include more or fewersteps or can arrange the order of the steps differently than those shownin FIG. 5 . Generally, the method 500 starts at operation 505 and endsat operation 540. The method 500 can be executed as a set ofcomputer-executable instructions executed by the processor(s) 164 and/or205 and encoded or stored on computer readable mediums 156/210.Alternatively or additionally, the operations discussed with respect toFIG. 5 may be implemented by other various elements of the system(s)FIGS. 1-4 . Hereinafter, the method 500 shall be explained withreference to the systems, components, assemblies, devices, userinterfaces, environments, software, etc. described in conjunction withFIGS. 1-4 .

In operation 505, the method 500 includes forming a first network thatenables communication between a plurality of physical access controlreaders 105. For example, readers 105 form the first network, which maycorrespond to the reader network 110 that uses a first communicationprotocol (e.g., RS485, Wiegand, Zigbee, SMS, etc.). Here, the readers105 in the reader network 110 may exchange status information and/orguidance information with one another as desired. Because readers 105typically have a constant and reliable power source, there minimalburden to allow the exchange of information at this stage.

In operation 510, the method 500 determines whether the system 100 is ina power saving mode. If so, the method 500 determines whether a triggereven has occurred in operation 515. The trigger event may be anemergency event such as a fire, tornado, an active shooter, etc. Thetrigger event may also be some input from the operator 124 to cease thepower saving mode, or a preprogrammed command that occurs at desiredintervals. As can be appreciated, the power saving mode saves power byavoiding creation of the second network until the trigger even occurs.

If, in operation 510, the method 500 determines that the power savingmode is not enabled, then the method 500 proceeds to operation 520 toform a second network. The second network enables communication betweenthe plurality of physical access control readers 105 and a plurality ofmobile communication devices 112. For example, the second network may bereferred to as a mesh network of mobile devices 112 and readers 105.Forming the second network may utilize various elements of the mobiledevices 112 and the readers 105, such as the interfaces 144, 148, 116,and/or 215, and/or the networks 110, 150, and/or link 116. The secondnetwork may utilize one or more second communication protocols (e.g.,WiFi or a known cellular protocol such as LTE).

In operation 530, the method 500 collects, exchanges, and/or stores thestatus information and/or the guidance information. Operation 530 may becarried out according to any of the procedures described above forcollection, exchange, and storage of the status information and theguidance information (e.g., by responding to requests or triggers,sending information at desired intervals, etc.). According to at leastone example embodiment, operation 530 includes exchanging, over thefirst network 110, the status information for the plurality of physicalaccess control readers 105 and for the plurality of mobile communicationdevices 112. As a result operation 530, the readers 105 in the readernetwork 110 have knowledge of the status information for each mobiledevice 112 in the mesh network as well as the status information ofother readers 105 in the, mesh network. This knowledge may prove usefulfor evaluating the mesh network and for providing other information (seeFIG. 6 ).

In operation 535, the method 500 determines whether another triggerevent has occurred. If not, the method 500 returns to operation 530 andcontinues to monitor the mesh network for changes and perform operation530 as often as desired or programmed. If the trigger event has occurredin operation 535, the method 500 proceeds to operation 540 to perform atleast one additional operation, described in more detail below withreference to FIG. 6 . For example, the trigger event may be aninstruction from the operator 124, one of the mobile devices 112, and/orone of the readers 105 to perform the at least one additional operation.In another example, the trigger event may be an emergency event the sameas that described with respect to operation 510. In still anotherexample, the trigger event may be a preprogrammed command to perform theat least one additional operation at a desired time or interval.

FIG. 6 is a flow diagram illustrating example operations of thesystem(s) in FIGS. 1-4 . In more detail, FIG. 6 illustrates examples ofthe at least one additional operation from operation 540 in FIG. 5 .While a general order for the steps of the method 600 is shown in FIG. 6, the method 600 can include more or fewer steps or can arrange theorder of the steps differently than those shown in FIG. 6 . Generally,the method 500 starts at operation 505 and ends at operation 540. Themethod 600 can be executed as a set of computer-executable instructionsexecuted by the processor(s) 164/205 and encoded or stored on a computerreadable medium 156/210 Alternatively or additionally, the operationsdiscussed with respect to FIG. 6 may be implemented by other variouselements of the system(s) FIGS. 1-4 . Hereinafter, the method 600 shallbe explained with reference to the systems, components, assemblies,devices, user interfaces, environments, software, etc. described inconjunction with FIGS. 1-5 .

In operation 605, the method 600 determines what type of instruction hasbeen prompted by the trigger event in operation 540. Thus, operation 605may occur after operation 540. In one example, the type of instructionmay include an instruction to evaluate the mesh network of readers 105.In another example, the type of instruction may include an instructionto utilize the mesh network of mobile devices 112 and readers 105 toprovide other information (e.g. information not related to evaluatingthe mesh network). If the type of instruction is to utilize the mesh.network to provide other information, then the method 600 may proceed tooperation 610.

In operation 610, the method 600 includes determining, by one or more ofthe plurality of physical access control readers 105, locations of themobile communication devices 112 based on the exchanged statusinformation from operation 530. According to at least one exampleembodiment, the locations of the mobile devices 112 may be determinedrelative the one or more of the plurality of physical access controlreaders 105. In operation 615, the method 600 includes providing, overthe second network (e.g., formed by operation 520), guidance informationto one or more of the plurality of mobile communication devices 112based on the determined locations. As discussed above, the guidanceinformation may include audio and/or video for guiding users of themobile devices 112 through or out of the premises 130. Although not.explicitly shown, it should be understood that other operations mayoccur upon determining that the type of instruction is to utilize themesh network to provide other information. For example, the method 600may additionally or alternatively include tracking the mobile devices112 based on the determined locations and analyzing this data to improvetraffic flow within the premises 130 and/or improve efficiency of aworkplace (e.g., by locating personnel in cubicles/offices based on thetracking data). In yet another example operation, the method 600 mayincluding providing specific information to a specific mobile device112. For example, if the specific mobile device 112 is a designated firemarshal device, then the specific information may include emergencyinstructions, updates regarding the locations of other mobile devices112, etc.

If the type of instruction determined in operation 605 is an instructionto evaluate the mesh network of readers 105, then the method proceeds tooperation 620.

In operation 620, the method 600 includes detecting a change in thefirst network (e.g., the reader network 110). For example, the method600 detects a change in a number of the plurality of physical accesscontrol readers 105 that are in the first network 110. The change may bedetected in the same manner as that described above with respect toFIGS. 1-4 . For example, the change may be detected by comparing aretrieved list of unique reader IDs 105 to a list of already collectedreader IDs (e.g., on the memory 210) to determine whether the listsmatch. If not, then there has been a change in the number of readers 105connected to the network 110.

In operation 625, the method 600 includes providing a notification ofthe change to one or more of the plurality of mobile communicationdevices 112. Here, the notification may include information to identifywhere the detected change occurred within the first network 110. Thisinformation can be used by the operator 124 or other user of a mobiledevice 112 to identify a potentially damaged or inoperable reader. Thatis, if the retrieved number of reader IDs is fewer than the storednumber of reader IDs, then the notification may include the reader IDand location of the reader 105 that is missing from the retrieved listof IDs. The notification may be received in the form a text message(e.g., SMS message), a sound, and the like. Another example ofoperations to evaluate the mesh network includes producing a diagnosticreport that provides the status or condition of readers 105 and mobiledevices 112 in the mesh network.

In view of the above description, it should be appreciated that exampleembodiments relate to a device including a first interface tocommunicate with first devices according to a first communicationprotocol over a first network. The device may include a second interfaceto communicate with second devices according to a second communicationprotocol over a second network. The second communication protocol isdifferent than the first communication protocol. The device may includea memory including executable instructions, and a processor to executethe instructions to control the exchange of status information for thefirst devices and the second devices over die first network. In at leastone example embodiment, the first devices are physical access controlreaders 105, and the second devices are one or more mobile communicationdevices 112. The memory of the device memory stores the statusinformation, which includes at least one of: one or more firstquantities sensed by one or more of the plurality of physical accesscontrol readers; one or more second quantities sensed by one or more ofthe plurality of mobile communication devices, wherein the one or morefirst quantities and the one or more second quantities each include atleast one of temperature information, air quality information, accessinformation, and pressure information; first information regarding aphysical location of each mobile communication device relative tolocations the physical access controller readers in the reader network;second information to identify active and inactive physical accesscontrol readers in the reader network and their current condition; andthird information to identify which of the plurality of mobilecommunication devices are currently connected to the reader network.

In view of the foregoing, it should be appreciated that exampleembodiments provide systems, devices, and methods that allow for thecreation of a mesh network comprised of readers and mobile devices andthe exchange of status information between devices in the mesh network.Example embodiments allow the system to track mobile devices, provideguidance information (e.g., in the event of an emergency), create themesh network in response to an event, detect faulty or tampered withreaders, and provide diagnostic reports on the system. Whileillustrative example embodiments of the disclosure have been describedin detail herein, it is to be understood that the inventive concepts maybe otherwise variously embodied and employed, and that the appendedclaims are intended to be construed to include such variations.

1-20. (canceled)
 21. A method for an access control system, the methodcomprising: forming a wired network that enables communication between aplurality of physical access control readers and at least one accesscontrol panel utilizing a first communication protocol; forming a secondnetwork that enables communication between the plurality of physicalaccess control readers using a WiFi communication protocol; enablingcommunication between the plurality of physical access control readersand a plurality of mobile communication devices using a proximity-basedcommunication protocol; enabling communication between the plurality ofmobile communication devices and one or more servers, separate from theat least one access control panel, using a second communicationprotocol; and exchanging, wirelessly using at least one of the WiFicommunication protocol or the proximity-based communication protocol, atleast one of a notification, device tracking information, device statusinformation, or a reader update between two or more of the plurality ofphysical access control readers for use of the at least one of thenotification, device tracking information, device status information, orreader update by each of the two or more of the plurality of physicalaccess control readers.
 22. The method of claim 21, further comprisingreceiving authentication information at one or more of the plurality ofmobile communication devices from the one or more servers through themobile communication network.
 23. The method of claim 21, wherein thewired communication protocol comprises at least one of a Wiegand, RS485,RS232, TCP/IP, Ethernet, or PoE protocol.
 24. The method of claim 21,wherein the proximity-based communication protocol comprises a BluetoothLow Energy (BLE) protocol.
 25. The method of claim 21, wherein thesecond communication protocol comprises the WiFi communication protocol.26. The method of claim 24, wherein the second communication protocolcomprises the WiFi communication protocol.
 27. A method for an accesscontrol system, the method comprising: forming a wired network thatenables communication between a plurality of physical access controlreaders and at least one access control panel utilizing a firstcommunication protocol; forming a second network that enablescommunication between the plurality of physical access control readersusing a WiFi communication protocol; enabling communication between theplurality of physical access control readers and a plurality of mobilecommunication devices using a proximity-based communication protocol;enabling communication between the plurality of mobile communicationdevices and one or more servers, separate from the at least one accesscontrol panel, using a second communication protocol; and communicating,wirelessly using the WiFi communication protocol, at least one of anotification, device tracking information, device status information, ora reader update between two or more of the plurality of physical accesscontrol readers and the one or more servers for use of the at least oneof the notification, device tracking information, device statusinformation, or reader update by the one or more servers.
 28. The methodof claim 27, further comprising receiving authentication information atone or more of the plurality of mobile communication devices from theone or more servers through the mobile communication network.
 29. Themethod of claim 27, wherein the proximity-based communication protocolcomprises a Bluetooth Low Energy (BLE) protocol.
 30. The method of claim27, wherein the second communication protocol comprises the WiFicommunication protocol.
 29. The method of claim 29, wherein the secondcommunication protocol comprises the WiFi communication protocol. 32.The method of claim 31, wherein the wired communication protocolcomprises at least one of a Wiegand, RS485, RS232, TCP/IP, Ethernet, orPoE protocol.
 33. A non-transitory computer-readable medium storinginstructions, that when executed by at least one processor, cause the atleast one processor to: form a wired network that enables communicationbetween a plurality of physical access control readers and at least oneaccess control panel utilizing a first communication protocol; form asecond network that enables communication between the plurality ofphysical access control readers using a WiFi communication protocol;enable communication between the plurality of physical access controlreaders and a plurality of mobile communication devices using aproximity-based communication protocol; enable communication between theplurality of mobile communication devices and one or more servers,separate from the at least one access control panel, using a secondcommunication protocol; and exchange, wirelessly using at least one ofthe WiFi communication protocol or the proximity-based communicationprotocol, at least one of a notification, device tracking information,device status information, or a reader update between two or more of theplurality of physical access control readers for use of the at least oneof the notification, device tracking information, device statusinformation, or reader update by each of the two or more of theplurality of physical access control readers.
 34. The computer-readablemedium of claim 33, wherein the instructions, when executed by the atleast one processor, further cause the at least one processor to receiveauthentication information at one or more of the plurality of mobilecommunication devices from the one or more servers through the mobilecommunication network.
 35. The computer-readable medium of claim 33,wherein the proximity-based communication protocol comprises a BluetoothLow Energy (BLE) protocol.
 36. The computer-readable medium of claim 33,wherein the second communication protocol comprises the WiFicommunication protocol.
 37. The computer-readable medium of claim 35,wherein the second communication protocol comprises the WiFicommunication protocol.
 38. The computer-readable medium of claim 37,wherein the wired communication protocol comprises at least one of aWiegand, RS485, RS232, TCP/IP, Ethernet, or PoE protocol.
 39. Anon-transitory computer-readable medium storing instructions, that whenexecuted by at least one processor, cause the at least one processor to:form a wired network that enables communication between a plurality ofphysical access control readers and at least one access control panelutilizing a first communication protocol; form a second network thatenables communication between the plurality of physical access controlreaders using a WiFi communication protocol; enable communicationbetween the plurality of physical access control readers and a pluralityof mobile communication devices using a proximity-based communicationprotocol; enable communication between the plurality of mobilecommunication devices and one or more servers, separate from the atleast one access control panel, using a second communication protocol;and communicate, wirelessly using the WiFi communication protocol, atleast one of a notification, device tracking information, device statusinformation, or a reader update between two or more of the plurality ofphysical access control readers and the one or more servers for use ofthe at least one of the notification, device tracking information,device status information, or reader update by the one or more servers.40. The computer-readable medium of claim 39, wherein the instructions,when executed by the at least one processor, further cause the at leastone processor to receive authentication information at one or more ofthe plurality of mobile communication devices from the one or moreservers through the mobile communication network.
 41. The method ofclaim 39, wherein the wired communication protocol comprises at leastone of a Wiegand, RS485, RS232, TCP/IP, Ethernet, or PoE protocol. 42.The method of claim 39, wherein the proximity-based communicationprotocol comprises a Bluetooth Low Energy (BLE) protocol.
 39. The methodof claim 39, wherein the second communication protocol comprises theWiFi communication protocol.
 44. The method of claim 42, wherein thesecond communication protocol comprises the WiFi communication protocol.